DaemonForums  

#1 unixjingleman, 24th February 2011
Is this a security incident?

Hi
I recently did:
Code:
# netstat -f inet -an
On my OpenBSD machine. The output caught my attention. It was something like:
Code:
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
                  192.168.1.67:12349   192.168.1.254:53  ESTABLISHED
I just wondered why I was getting a connection from a source port of 53 on my router to my OpenBSD box?
Any thoughts?
Regards

#2 rocket357, 24th February 2011

Sounds to me like your machine was performing a DNS query the instant you ran netstat. What's the output of "grep nameserver /etc/resolv.conf"?

#3 J65nko, 24th February 2011

Your local address is 192.168.1.67. It is using port 12349 as source to do a DNS query to IP address 192.168.1.254 (foreign address) on port 53 (the reserved port for DNS queries).

Nothing wrong
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#4 unixjingleman, 24th February 2011

Thanks for your speedy replies. I just remembered the reason that I thought that it might have been a security incident. On my MacBook, in the firewall logs, it logs such connections as "stealth mode connection attempts". I thought that it might have been a security incident due to these logs. Then I remembered that, as far as hosts on my LAN are concerned, the DNS server is the router. So yeah, thanks for that.
Regards
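
The reading of the netstat line given in posts #2 and #3, as an added example that is not part of the original thread: a shell function that picks out sockets whose foreign port is 53 and checks the foreign address against the nameserver entries in resolv.conf. The function names, the sample lines other than the one quoted in post #1, and the 192.168.1.254 nameserver entry are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -f inet -an` output on
# stdin and reports sockets whose FOREIGN port is 53, i.e. DNS queries this
# host sent. Accepts OpenBSD's addr.port form and the addr:port form quoted
# in the first post.
# Real use: netstat -f inet -an | classify_dns /etc/resolv.conf
classify_dns() {
    awk -v rf="$1" '
    BEGIN {  # collect "nameserver <addr>" entries from the resolv.conf file
        while ((getline line < rf) > 0) {
            split(line, p, " ")
            if (p[1] == "nameserver") ns[p[2]] = 1
        }
    }
    {
        n = 0   # endpoints look like IPv4 + separator + port; local comes first
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+[.:][0-9]+$/) ep[++n] = $i
        if (n < 2) next                      # headers, listeners (*.*)
        match(ep[2], /[.:][0-9]+$/)          # port is the last component
        faddr = substr(ep[2], 1, RSTART - 1); fport = substr(ep[2], RSTART + 1)
        if (fport != "53") next
        match(ep[1], /[.:][0-9]+$/); lport = substr(ep[1], RSTART + 1)
        verdict = (faddr in ns) ? "expected" : "unexpected"
        printf "%s outbound-dns local_port=%s resolver=%s\n", verdict, lport, faddr
    }'
}

# Constructed sample: line 4 is the one quoted in the thread, the rest are made up.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.67.22        192.168.1.10.50514     ESTABLISHED
                  192.168.1.67:12349   192.168.1.254:53  ESTABLISHED
udp          0      0  192.168.1.67.30211     203.0.113.9.53
tcp          0      0  *.22                   *.*                    LISTEN
EOF
}

demo() {
    rc=$(mktemp) || return 1
    echo 'nameserver 192.168.1.254' > "$rc"   # assumed: the router is the resolver
    sample_netstat | classify_dns "$rc"
    rm -f "$rc"
}
demo
```

An "unexpected" line only means the destination is not a configured nameserver; a program that carries its own resolver settings would show up the same way.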